<?php
//add news
function news_add() {
	global $conf;

	SQLvalidate($_POST['category']);
	SQLvalidate($_POST['date'], 'varchar');
	SQLvalidate($_POST['author']);
	SQLvalidate($_POST['visible']);

	if(!perms_check('news', 'write')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}
	
	$languages = get_lang_list();
	foreach($languages as $l){
		SQLvalidate($_POST["text_$l"], 'text');
		SQLvalidate($_POST["title_$l"], 'varchar');
		$_POST["text_$l"]=post_text($_POST["text_$l"]);
		$_POST["title_$l"]=post_text($_POST["title_$l"]);
		if(!empty($_POST["text_$l"]) && $_POST['visible']==1)
			cat_update_values($_POST['category'], 1, 'news_'.$l);
	}
	
	$db = new dbquery;
	$author = $_POST['author'];
	if($_POST['visible']==1)
	$visible = 1;
	else $visible = 0;

	if(!$_POST['category'])
		$category = 0;
	else
		$category = $_POST['category'];

	$query = "INSERT INTO $conf[prefix]news VALUES('', '$_POST[date]', $author, '$_POST[source]', '$_POST[source_url]', '$visible', $category";
	foreach($languages as $l) {
		$query .= ", '".$_POST["title_$l"]."', '".$_POST["text_$l"]."'";
		if(is_module_installed('comments'))
			$query .= ", '0'";
	}
	$query .= ")";
	
	$db->query($query) or $db->err(__FILE__, __LINE__);

	//add log
	$t='title_'.$_SESSION['lang_short'];
	
	//

	redirect($_SESSION['redirect_2']);
	exit;
}
//

//editing news
function news_edit() {
	global $conf;

	SQLvalidate($_POST['id']);
	SQLvalidate($_POST['author']);
	SQLvalidate($_POST['category']);
	SQLvalidate($_POST['old_cat']);
	SQLvalidate($_POST['visible']);
	SQLvalidate($_POST['date'], 'varchar');

	if(!perms_check('news', 'edit')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	if($_POST['visible']==1)
	$visible = 1;
	else $visible = 0;
	
	$db = new dbquery;
	$db->query("SELECT * FROM $conf[prefix]news WHERE id=$_POST[id]") or $db->err(__FILE__, __LINE__);
	$d=$db->fetch_object();

	$languages = get_lang_list();
	foreach($languages as $l){
		SQLvalidate($_POST["text_$l"], 'text');
		SQLvalidate($_POST["title_$l"], 'varchar');
		$_POST["text_$l"]=post_text($_POST["text_$l"]);
		$_POST["title_$l"]=post_text($_POST["title_$l"]);
		
		$t='text_'.$l;
		if(($_POST['old_cat'] != $_POST['category'])) {
			if($visible) {
				if(!empty($d->$t))
					cat_update_values($_POST['old_cat'], 0, 'news_'.$l);
				if(!empty($_POST["text_$l"]))
					cat_update_values($_POST['category'], 1, 'news_'.$l);
			} elseif($visible==0 && $d->visible==1) {
				if(!empty($d->$t))
					cat_update_values($_POST['old_cat'], 0, 'news_'.$l);
			}
		} elseif(($_POST['old_cat'] == $_POST['category'])) {		
			if($visible) {
				if(!empty($_POST["text_$l"]) && empty($d->$t))
					cat_update_values($_POST['category'], 1, 'news_'.$l);
				elseif(empty($_POST["text_$l"]) && !empty($d->$t))
					cat_update_values($_POST['category'], 0, 'news_'.$l);
				elseif($d->visible==0) {
					if(!empty($_POST["text_$l"]))
						cat_update_values($_POST['category'], 1, 'news_'.$l);
				}
			} elseif($visible==0 && $d->visible==1) {
				if(!empty($d->$t))
					cat_update_values($_POST['category'], 0, 'news_'.$l);
			}
		}
	}

	$query = "UPDATE $conf[prefix]news SET ";

	foreach($languages as $l)
	$query .= "title_$l = '".$_POST["title_$l"]."', text_$l = '".$_POST["text_$l"]."', ";

	$query .= "date='$_POST[date]', author='$_POST[author]', source='$_POST[source]', source_url='$_POST[source_url]', cat='$_POST[category]', visible=".$visible." WHERE id=$_POST[id]";

	$db->query($query) or $db->err(__FILE__, __LINE__);

	//add log
	$t='title_'.$_SESSION['lang_short'];
	
	//

	redirect($_SESSION['redirect_2']);
	exit;
}
//

//delete news
function news_delete($redirect=true) {
	global $conf;

	SQLvalidate($_GET['id']);

	if(!perms_check('news', 'del')) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	$db = new dbquery;
	$db->query("SELECT * FROM $conf[prefix]news WHERE id=$_GET[id]") or $db->err(__FILE__, __LINE__);
	$d=$db->fetch_object();

	if($db->num_rows()==0) {
		redirect($_SESSION['redirect_1']);
		exit;
	}
	
	//delete news
	$db->query("DELETE FROM $conf[prefix]news WHERE id=$_GET[id]") or $db->err(__FILE__, __LINE__);
	//

	if(is_module_installed('comments')) {
		//delete news comments
		$db->query("SELECT * FROM $conf[prefix]comments WHERE whatid=$_GET[id] && what='news'") or $db->err(__FILE__, __LINE__);
		while($c=$db->fetch_object())
			comment_delete($c->id, false, false);
		//
	}
	
	//categories
	if($d->cat != 0 && $d->visible) {
		$languages = get_lang_list();
		foreach($languages as $l) {
			$t='text_'.$l;
			if(!empty($d->$t))
				cat_update_values($d->cat, 0, 'news_'.$l);
		}
	}
	//
	
	//add log
	$t='title_'.$_SESSION['lang_short'];
	
	//
	
	if($redirect) {
		redirect($_SESSION['redirect_2']);
		exit;
	}
}
//

//suggest news
function news_suggest() {
	global $conf;

	SQLvalidate($_POST['category']);
	SQLvalidate($_POST['author']);

	//checking fields
	if(!perms_check('news', 'suggest') or !checkCode($_POST['code'])) {
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}
	
	$languages = get_lang_list();
	foreach($languages as $l){
		$_POST["text_$l"]=post_text($_POST["text_$l"]);
		$_POST["title_$l"]=post_text($_POST["title_$l"]);
	}

	$db = new dbquery;

	$author = $_POST['author'];
	$visible = 0;

	if(!$_POST['category'])
		$category = 0;
	else
		$category = $_POST['category'];

	$query = "INSERT INTO $conf[prefix]news VALUES('', '$_POST[date]', $author, '$_POST[source]', '$_POST[source_url]', '$visible', $category";
	foreach($languages as $l) {
		$query .= ", '".$_POST["title_$l"]."', '".$_POST["text_$l"]."'";
		if(is_module_installed('comments'))
			$query .= ", '0'";
	}
	$query .= ")";
	
	$db->query($query) or $db->err(__FILE__, __LINE__);

	//add log
	$t='title_'.$_SESSION['lang_short'];
	
	//

	redirect('index.php?module=info&info=news_thx');
}
//

function news_multi_delete() {
	if(!perms_check('news', 'del')) {
		redirect('index.php?module=error&error=auh_error');
		exit;
	}

	foreach($_POST['ids'] as $id_) {
		$_GET['id']=$id_;
		news_delete(false);
	}

	redirect($_SESSION['redirect_2']);
	exit; 
}

function news_multi_add() {
	global $conf;
	if(!perms_check('news', 'write')) {
		redirect('index.php?module=error&error=auh_error');
		exit;
	}

	$db = new dbquery;
	
	foreach($_POST['ids'] as $id_) {
		$db->query("SELECT * FROM $conf[prefix]news WHERE id=$id_") or $db->err(__FILE__, __LINE__);
		$d=$db->fetch_object();
		if($d->visible==0) {
			$db->query("UPDATE $conf[prefix]news SET visible=1 WHERE id=$id_") or $db->err(__FILE__, __LINE__);
			
			$languages = get_lang_list();
			foreach($languages as $l) {
				$t='text_'.$l;
				if(!empty($d->$t))
					cat_update_values($d->cat, 1, 'news_'.$l);
			}
		}
	}

	redirect($_SESSION['redirect_2']);
	exit; 
}

?>
